DSU's Dr. Hu Co-Authors Research Paper On Password Vulnerability

Posted: September 5, 2013

Dr. Hongxin Hu, DSU assistant professor of computer science, is part of a research team that has raised security concerns over a relatively new “picture password” that comes with the Microsoft Windows 8, the latest operating system to come from that software giant.

Dr. Hu along with three researchers from Arizona State University – Dr. Gail-Joon Ahn, professor of computer science; doctoral student Ziming Zhao; and master degree student Jeong-Jin Seo – have co-authored a paper that details how they have developed algorithms that reveal vulnerabilities in the otherwise innovative picture password.

Windows 8’s picture password allows users to use “gesture” passwords – to pick points on a photo image by a sequence of tapping, making a circle or drawing a line all with one finger – instead of using the tradition text-based password system.

Dr. Hu and his research colleagues claim in the paper that they collected more than 10,000 picture passwords from over 800 subjects through online user studies. The passwords were connected with a variety of images, which included people, animals, landscape, civilization and computer generated pictures.

By developing algorithms that identified the points of interest that users were likely to choose for password patterns, the research team – led by Dr. Ahn – was able to crack 48.8% of the passwords for previously unseen pictures in one dataset and 24.0% in another, according to their paper.

“We implemented a picture-password-strength meter,” Dr. Hu said. He added that was a critical part of the research project.

The paper has inspired a number of articles in the U.S. and the United Kingdom in computer and technology related publications and media websites.